Fuhrmanator Posted August 10, 2007 Share Posted August 10, 2007 Ideally, I would have started this as a page in the Wiki, since that seems to be the most efficient way. However, it appears it has to go out in the forum first? Anyway... Question: I got an email from SpamCop saying "(IP address) appears to be sending unsolicited bounces." What is an "unsolicited bounce" or "misdirected bounce"? First, let's clear up the term "bounce". A bounce is a message, also known as a non-delivery report (NDR) or delivery status notification (DSN), which has been generated by a mail server to report on the delivery status of an email message. For example, a "bounce" could result when a user "Joan[at]from.com" attempted to email a user "Fred[at]to.com", but there is no such user "Fred" at that domain. The mail server at "to.com" generates a new message (NDR) and addresses it to "Joan[at]from.com" to let her know that her mail couldn't be delivered because there is no such user "Fred". So, the term "unsolicited bounce" or "misdirected bounce" refers to a bounce that is sent to a user who should not have received it. Using the above example, the mail server sends an email to "Joan[at]from.com" stating her message could not be delivered, whereas she never tried to send such a message in the first place. If your mailserver is sending "unsolicited bounces" it could get block-listed by SpamCop. This is because your server is technically sending bounces to users who don't deserve to get them. Question: How does an "unsolicited bounce" or "misdirected bounce" occur? The simple answer is that the "From" address (or the MAIL FROM field in SMTP) in messages your mail server can easily be forged, because of a loophole in the design of email protocols. This loophole is commonly exploited by spammers. They almost always lie about who the "sender" of a message is. Sometimes the "sender" is a random user that the spammer generates, who doesn't exist. Sometimes the "sender" is a real address, either because the randomly generated "sender" turns out to be a real address, or because the spammer has specifically used a real address as the "sender" without it being random.When a spammer addresses email to "Fred[at]to.com", as in the above example, he can also forge the sender's address to say that the mail is from "Joan[at]from.com". Sadly, "Joan[at]from.com" will receive an unsolicited bounce, unless the mail server for "to.com" is properly configured. Question: How do I prevent my mail server from sending "unsolicited bounces"? Configure your mail server to only generate bounces to local recipients. Using the above example, the mail server for "to.com" should only generate new emails to users who have sent email from addresses that are local to "to.com". Configure your mail server to reject messages at the SMTP session if they are addressed to invalid recipients. By rejecting the message at the SMTP session, any "bounces" will be sent by other mail servers involved in the transfer (ideally a server local to the sender, if indeed the sender is not a spammer). Sadly, it is not always possible to configure all mail programs to behave in these ways. But even AOL changed their mail server's behavior back in the days when this problem first began, because of how many people were getting "misdirected bounces". For more info on how to configure your mail server to not generate misdirected bounces, see the SpamCop FAQ entry at http://spamcop.net/fom-serve/cache/329.html#bounces Question: Why has this loophole (of being able to forge "From" addresses) not been fixed yet! The short answer is that the protocols used on the Internet to send email have to be agreed upon by all parties involved. Lots of solutions have been proposed. But so far, nobody has been able to propose a technical solution that is acceptable to everyone. First of all, the impact of such a change would be huge, because of the huge numbers of mail servers and the different software used to support those servers. In some ways, it would be almost like getting the entire world to convert their electric current to some new voltage. To understand why the loophole exists, it's useful to know that when the Internet protocol used for email transfer was designed, nobody anticipated that the users involved would misuse the system (how many times have we heard this before!). This is because they were mostly scientists and government contractors. Now, everybody in the world is using this protocol, and the spammers have taken advantage of the design flaw. The lawmakers have attemtped a legal solution, called the CANSPAM Act http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm, which bans falsifying header information in an email. Given that spam has increased in volume since this act went into legislation, you can see how ineffective this legislation is. Other solutions have been proposed and which are being used to help authenticate the identity of email senders, but they are only small steps with respect to solving the big problem of forged headers. A good explanation in technical terms the weakness of the protocol can be found at http://www.ironport.com/pdf/ironport_toc_bounce_report.pdf Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.